bluegman991 Posted October 9, 2009 (edited)

Turns out I did have a copy of this mod! Copy and paste this into a file named account.php

[code hidden by forum]

Edited August 1, 2011 by bluegman991

bluegman991 (Author) Posted October 9, 2009

Now about the signature mod: I take no credit for it, it is on_fire's mod in this thread. After u have installed the account.php page all u have to do is run sql query

[mysql]ALTER TABLE users ADD `profsignature` text NOT NULL;[/mysql]

then add this into your profile wherever u want it in viewuser.php (preferably close to the end of the page where it's noticeable) (NOTE: you may have to add a { and/or a } depending on where you put the code at)

[code hidden by forum]

Refer to next post about enabling bbcode and disabling html

bluegman991 (Author) Posted October 9, 2009

now if you want bbcode to be enabled and html to be disabled do the following in viewuser.php:

find <?php and after it add
[code hidden by forum]

then find
[code hidden by forum]
and below add
[code hidden by forum]

next find
[code hidden by forum]
and after it add
[code hidden by forum]

Curt Posted October 9, 2009

cool, I'll try this out now and post a comment in a few minutes :)

bluegman991 (Author) Posted October 9, 2009

if you do not want the profile signature on there, in account.php simply find and delete
[code hidden by forum]

then find and delete
[code hidden by forum]

hope u guys like it :thumbsup:

Curt Posted October 9, 2009

hmmmm...for some reason I just get a blank white page on the account.php page... also on the SQL, you gotta remove that comma at the end :P...it throws up an error.. I'll see if I can figure this out...

bluegman991 (Author) Posted October 9, 2009

I just repasted my account.php codes to be sure I didn't miss or add anything. try them if u haven't fixed the prob yet

Curt Posted October 9, 2009

well this looks like a nice mod... I copied the new code you put there and still same thing..a blank white page... I don't know..I'll check back tomorrow and see if anyone else has the same problem I have... it might just be something I did wrong... very nice work on this though...a nice mod indeed :) later

EDIT* hmm for some reason my online game doesn't tell me where the errors occurred, which is stupid, but I put it in my offline server and it tells me there's a parse error on line 90

bluegman991 (Author) Posted October 9, 2009

hmmm well since it's not required u could just delete that line but I don't know what's the problem. it could be the version of php ur using or something else. I'll try to look into it and see if there's anything I can do to fix it

Curt Posted October 9, 2009

well I guess it is the version of php I'm using... I deleted the line of code and it works fine :) nice work...

EDIT** hmm...well I added a table to make it so it's lined up...but when I submit it gives me an error... here's the error:

Not Found
The requested URL /account was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

I copied the original code back there and I get the same error when I submit the data...

bluegman991 (Author) Posted October 9, 2009

ty :D making mods is fun, I'm gonna try some more :P

BoGFx Posted October 10, 2009

Here is a friendly edit, just making everything a table, and the forms all lined up. Thanks for the great mod!

[code hidden by forum]

Curt Posted October 10, 2009

ok well I used the mod with the table added and all looks good but when I submit I get a SQL error.....I checked to make sure I have all entries in my users table and I do... this is the version of php and SQL I have..

PHP Version: 5.2.6
MySQL Version: 5.0.81-community

am I out of date ?...lol

BoGFx Posted October 10, 2009

What's your error?

Curt Posted October 10, 2009

this is the sql error I get :

QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' WHERE userid=1' at line 1
Query was UPDATE users SET username='ADMIN', display_pic='', forums_avatar='', forums_signature='', email='[email protected]', login_name='admin', profsignature=' WHERE userid=1

a_bertrand Posted October 11, 2009

Line 91 needs to be changed to

[code hidden by forum]

However, just as a reminder... all those queries are NOT safe, as nothing is done to prevent SQL injection...

Curt Posted October 11, 2009

thanks a_bertrand, that one apostrophe was messing me up :P

CrackTheCoder Posted October 16, 2009

This would be better if... in the staff panel, for admins only, it allowed you to turn on or off certain features. like u can turn off display pic and the link won't show and the page will be deactivated at a click of ur mouse lol. now if u can do that my friend.. this would be MUCH help.

Joshua Posted October 16, 2009

2 problems I see here. You didn't secure the Display Pic or Sig feature. Users could become an Admin within seconds :\

See MD5's response and answer to securing this: [mccode v2.x] Auto-Admin Hack.

Also note, I did not go through the signature page very well, but sigs are a key target for hacks unless secured properly.

Curt Posted October 19, 2009

could someone assist me with securing this mod against the auto-admin hack ?... I looked over the post about it but I can't figure out how I would implement this.... thanks to you if u can assist me.... PM me or add me on MSN messenger : [email protected] thanks guys

bluegman991 (Author) Posted November 1, 2009

update: now has admin hack protection, so does the zip

Zero-Affect Posted November 3, 2009

$db->query("UPDATE users SET username='{$_POST['newname']}', display_pic='{$_POST['newpic']}', forums_avatar='{$_POST['forums_avatar']}', forums_signature='{$_POST['forums_signature']

[code hidden by forum]

also may wanna research such things on php.net: MRES(), addslashes(), stripslashes() and so on, maybe ctype_alnum(). when changing strings with ereg_replace I suggest changing to preg_replace due to the new php...

This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

a_bertrand Posted November 4, 2009

Sorry Zero but your suggestion is in NO WAY more secure.

To all: any string saved in the DB MUST be correctly quoted, and the automatic slashing of PHP will be disabled by default in future versions and is already disabled on many websites. So, relying on this is not an option. The solution is to use mysql_real_escape for all the strings, and for numbers either use a sprintf with a %d or force the unknown type to a number with something like ($_POST["myval"]+0), which will return either a 0 if it's some sort of string or the number.

For this query this would be a real solution:

[code hidden by forum]

I don't continue as you can understand from this how it should go on :rolleyes:

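Added example (not part of the thread and not the mod's code): the string-built UPDATE discussed above next to a hardened form, run against constructed data. It assumes PDO with an in-memory SQLite table standing in for the game's MySQL `users` table, and it swaps in prepared statements for the escaping function the thread recommends, because the `mysql_*` extension was removed in PHP 7.0; the integer cast is the same idea as the `%d` / `+0` advice.

```php
<?php
// Added example: constructed schema and inputs, not the mod's own code.
// In-memory SQLite stands in for the game's MySQL database so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT,
            profsignature TEXT NOT NULL DEFAULT '')");
$pdo->exec("INSERT INTO users (userid, username) VALUES (1, 'ADMIN'), (2, 'player')");

// Constructed request data: an ordinary signature containing an apostrophe,
// and an id that arrives as a string with trailing junk.
$post = ['newname' => 'player', 'profsignature' => "Don't feed the trolls", 'userid' => '2abc'];

// Pattern from the thread: request values pasted straight into the SQL text.
function update_unsafe(PDO $pdo, array $post): string
{
    $sql = "UPDATE users SET username='{$post['newname']}', "
         . "profsignature='{$post['profsignature']}' WHERE userid={$post['userid']}";
    try {
        $pdo->exec($sql);
        return 'unsafe: query ran';
    } catch (PDOException $e) {
        // The apostrophe closed the string literal early, so the rest of the
        // signature was parsed as SQL. Input is steering the statement.
        return 'unsafe: query error';
    }
}

// Hardened form: placeholders keep data out of the SQL text, and the numeric
// value is forced to an integer before it is bound.
function update_safe(PDO $pdo, array $post): int
{
    $stmt = $pdo->prepare(
        'UPDATE users SET username = :name, profsignature = :sig WHERE userid = :id'
    );
    $stmt->bindValue(':name', $post['newname'], PDO::PARAM_STR);
    $stmt->bindValue(':sig', $post['profsignature'], PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $post['userid'], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // number of rows changed
}

echo update_unsafe($pdo, $post), "\n";
echo 'safe: rows updated = ', update_safe($pdo, $post), "\n";
$sig = $pdo->query('SELECT profsignature FROM users WHERE userid = 2')->fetchColumn();
echo 'stored signature: ', $sig, "\n";
```

A query that fails on an innocent apostrophe, as in the error posted earlier in the thread, is the visible symptom that user input is being parsed as SQL.
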
Zero-Affect Posted November 4, 2009

You're kidding, right? I said research, I did not do it for them as you did. this is a learning forum, you're not supposed to give them the solution but make them figure it out for themselves, which is how I taught myself. You are obviously a "programmer" as you're an admin on here but don't get me wrong, the admin is never always right. at least when nyna was an admin she never just gave the solution away...

Notice when reading over my post I never once said it was secure... I GAVE advice rather than showing people an easy solution, and trust me I'm not the only one who would agree your MC codes version of a SQL entry is OLD. my version is like that for a reason, for example if I was to...

[code hidden by forum]

compared to my version...

[code hidden by forum]

a little FYI for the Admin Programmer: it's mysql_real_escape_string not mysql_real_escape

EDITED due to typo noticed by Kyle, also due to something pointed out to me I would suggest not using addslashes or stripslashes with MRES.

Haunted Dawg Posted November 4, 2009

@ a_bertrand: You're using mysql_escape_string which is deprecated. Thus mysql_real_escape_string will be better. You do know that the function "stripslash" does not exist, right? Supposed to be "stripslashes" :whistling:

This is how I would do what you guys are doing.

[code hidden by forum]

As mres plays a counterpart with addslashes and stripslashes
